Passport/pkg/services/auth.go

126 lines
2.9 KiB
Go
Raw Normal View History

2024-02-20 13:46:15 +00:00
package services
import (
"fmt"
"sync"
"time"
2024-03-20 12:56:43 +00:00
jsoniter "github.com/json-iterator/go"
2024-04-13 05:48:19 +00:00
"git.solsynth.dev/hydrogen/passport/pkg/models"
2024-02-20 13:46:15 +00:00
"github.com/gofiber/fiber/v2"
"github.com/rs/zerolog/log"
2024-02-20 13:46:15 +00:00
)
var (
authContextMutex sync.Mutex
authContextCache = make(map[string]models.AuthContext)
)
func Authenticate(access, refresh string, depth int) (ctx models.AuthContext, perms map[string]any, newAccess, newRefresh string, err error) {
2024-04-20 11:04:33 +00:00
var claims PayloadClaims
claims, err = DecodeJwt(access)
2024-02-20 13:46:15 +00:00
if err != nil {
if len(refresh) > 0 && depth < 1 {
// Auto refresh and retry
2024-04-20 11:04:33 +00:00
newAccess, newRefresh, err = RefreshToken(refresh)
2024-02-20 13:46:15 +00:00
if err == nil {
return Authenticate(newAccess, newRefresh, depth+1)
2024-02-20 13:46:15 +00:00
}
}
err = fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("invalid auth key: %v", err))
return
2024-02-20 13:46:15 +00:00
}
newAccess = access
newRefresh = refresh
if ctx, err = GetAuthContext(claims.ID); err == nil {
var heldPerms map[string]any
rawHeldPerms, _ := jsoniter.Marshal(ctx.Account.PermNodes)
_ = jsoniter.Unmarshal(rawHeldPerms, &heldPerms)
perms = FilterPermNodes(heldPerms, ctx.Ticket.Claims)
return
}
err = fiber.NewError(fiber.StatusUnauthorized, err.Error())
return
}
func GetAuthContext(jti string) (models.AuthContext, error) {
var err error
var ctx models.AuthContext
2024-05-17 11:37:58 +00:00
if val, ok := authContextCache[jti]; ok {
ctx = val
ctx.LastUsedAt = time.Now()
authContextMutex.Lock()
2024-05-17 11:37:58 +00:00
authContextCache[jti] = ctx
authContextMutex.Unlock()
2024-05-17 11:37:58 +00:00
log.Debug().Str("jti", jti).Msg("Used an auth context cache")
} else {
ctx, err = CacheAuthContext(jti)
2024-05-17 11:37:58 +00:00
log.Debug().Str("jti", jti).Msg("Created a new auth context cache")
}
return ctx, err
}
func CacheAuthContext(jti string) (models.AuthContext, error) {
var ctx models.AuthContext
// Query data from primary database
2024-04-21 04:20:06 +00:00
ticket, err := GetTicketWithToken(jti)
2024-02-20 13:46:15 +00:00
if err != nil {
2024-04-21 04:20:06 +00:00
return ctx, fmt.Errorf("invalid auth ticket: %v", err)
} else if err := ticket.IsAvailable(); err != nil {
return ctx, fmt.Errorf("unavailable auth ticket: %v", err)
2024-02-20 13:46:15 +00:00
}
2024-04-21 04:20:06 +00:00
user, err := GetAccount(ticket.AccountID)
2024-02-20 13:46:15 +00:00
if err != nil {
return ctx, fmt.Errorf("invalid account: %v", err)
}
ctx = models.AuthContext{
2024-05-17 11:37:58 +00:00
Ticket: ticket,
Account: user,
LastUsedAt: time.Now(),
2024-02-20 13:46:15 +00:00
}
2024-05-17 11:37:58 +00:00
// Put the data into memory for cache
authContextMutex.Lock()
2024-05-17 11:37:58 +00:00
authContextCache[jti] = ctx
authContextMutex.Unlock()
2024-05-17 11:37:58 +00:00
return ctx, nil
}
2024-05-17 11:37:58 +00:00
func RecycleAuthContext() {
if len(authContextCache) == 0 {
return
}
affected := 0
for key, val := range authContextCache {
if val.LastUsedAt.Add(60*time.Second).Unix() < time.Now().Unix() {
affected++
authContextMutex.Lock()
2024-05-17 11:37:58 +00:00
delete(authContextCache, key)
authContextMutex.Unlock()
}
2024-05-17 11:37:58 +00:00
}
log.Debug().Int("affected", affected).Msg("Recycled auth context...")
}
2024-05-17 11:37:58 +00:00
func InvalidAuthCacheWithUser(userId uint) {
for key, val := range authContextCache {
if val.Account.ID == userId {
authContextMutex.Lock()
2024-05-17 11:37:58 +00:00
delete(authContextCache, key)
authContextMutex.Unlock()
2024-05-17 11:37:58 +00:00
}
}
2024-02-20 13:46:15 +00:00
}